CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2025-41653 – Weidmueller: Denial-of-Service Vulnerability in the web server functionality of Industrial Ethernet Switches
https://notcve.org/view.php?id=CVE-2025-41653
27 May 2025 — An unauthenticated remote attacker can exploit a denial-of-service vulnerability in the device's web server functionality by sending a specially crafted HTTP request with a malicious header, potentially causing the server to crash or become unresponsive. • https://certvde.com/en/advisories/VDE-2025-044 • CWE-410: Insufficient Resource Pool •
CVSS: 10.0EPSS: 0%CPEs: 13EXPL: 0CVE-2025-41652 – Weidmueller: Authentication Bypass Vulnerability in Industrial Ethernet Switches
https://notcve.org/view.php?id=CVE-2025-41652
27 May 2025 — The devices are vulnerable to an authentication bypass due to flaws in the authorization mechanism. An unauthenticated remote attacker could exploit this weakness by performing brute-force attacks to guess valid credentials or by using MD5 collision techniques to forge authentication hashes, potentially compromising the device. • https://certvde.com/en/advisories/VDE-2025-044 • CWE-656: Reliance on Security Through Obscurity •
CVSS: 10.0EPSS: 0%CPEs: 13EXPL: 0CVE-2025-41651 – Weidmueller: Missing Authentication Vulnerability in Industrial Ethernet Switches
https://notcve.org/view.php?id=CVE-2025-41651
27 May 2025 — Due to missing authentication on a critical function of the devices an unauthenticated remote attacker can execute arbitrary commands, potentially enabling unauthorized upload or download of configuration files and leading to full system compromise. • https://certvde.com/en/advisories/VDE-2025-044 • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2025-41650 – Weidmueller: Denial-of-Service Vulnerability in Industrial Ethernet Switches
https://notcve.org/view.php?id=CVE-2025-41650
27 May 2025 — An unauthenticated remote attacker can exploit input validation in cmd services of the devices, allowing them to disrupt system operations and potentially cause a denial-of-service. • https://certvde.com/en/advisories/VDE-2025-044 • CWE-1287: Improper Validation of Specified Type of Input •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2025-41649 – Weidmueller: Out-of-Bounds Write Vulnerability in Industrial Ethernet Switches
https://notcve.org/view.php?id=CVE-2025-41649
27 May 2025 — An unauthenticated remote attacker can exploit insufficient input validation to write data beyond the bounds of a buffer, potentially leading to a denial-of-service condition for the devices. • https://certvde.com/en/advisories/VDE-2025-044 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1393 – Weidmueller: Authentication Vulnerability due to Hard-coded Credentials
https://notcve.org/view.php?id=CVE-2025-1393
05 Mar 2025 — An unauthenticated remote attacker can use hard-coded credentials to gain full administration privileges on the affected product. Un atacante remoto no autenticado puede usar credenciales codificadas para obtener privilegios de administración completos en el producto afectado. • https://certvde.com/en/advisories/VDE-2025-021 • CWE-798: Use of Hard-coded Credentials •
CVSS: 6.4EPSS: 0%CPEs: 18EXPL: 0CVE-2022-3073 – Quaonos Schema ST4 example templates prone to XSS
https://notcve.org/view.php?id=CVE-2022-3073
14 Dec 2022 — Quanos "SCHEMA ST4" example web templates in version Bootstrap 2019 v2/2021 v1/2022 v1/2022 SP1 v1 or below are prone to JavaScript injection allowing a remote attacker to hijack existing sessions to e.g. other web services in the same environment or execute scripts in the users browser environment. The affected script is '*-schema.js'. Las plantillas web de ejemplo "SCHEMA ST4" de Quanos en la versión Bootstrap 2019 v2/2021 v1/2022 v1/2022 SP1 v1 o inferior son propensas a la inyección de JavaScript, lo qu... • https://cert.vde.com/de/advisories/VDE-2022-056 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 32EXPL: 0CVE-2021-33539 – WEIDMUELLER: WLAN devices affected by authentication bypass vulnerability
https://notcve.org/view.php?id=CVE-2021-33539
25 Jun 2021 — In Weidmueller Industrial WLAN devices in multiple versions an exploitable authentication bypass vulnerability exists in the hostname processing. A specially configured device hostname can cause the device to interpret selected remote traffic as local traffic, resulting in a bypass of web authentication. An attacker can send authenticated SNMP requests to trigger this vulnerability. En los dispositivos Weidmueller Industrial WLAN en múltiples versiones, se presenta una vulnerabilidad explotable de omisión d... • https://cert.vde.com/en-us/advisories/vde-2021-026 • CWE-287: Improper Authentication •
CVSS: 9.0EPSS: 0%CPEs: 32EXPL: 0CVE-2021-33538 – WEIDMUELLER: WLAN devices affected by improper access control vulnerability
https://notcve.org/view.php?id=CVE-2021-33538
25 Jun 2021 — In Weidmueller Industrial WLAN devices in multiple versions an exploitable improper access control vulnerability exists in the iw_webs account settings functionality. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as that user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. En los dispositivos Weidmueller Industrial WLAN en múltiples versiones, se presen... • https://cert.vde.com/en-us/advisories/vde-2021-026 • CWE-269: Improper Privilege Management •
CVSS: 8.8EPSS: 2%CPEs: 32EXPL: 0CVE-2021-33537 – WEIDMUELLER: WLAN devices affected by Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2021-33537
25 Jun 2021 — In Weidmueller Industrial WLAN devices in multiple versions an exploitable remote code execution vulnerability exists in the iw_webs configuration parsing functionality. A specially crafted user name entry can cause an overflow of an error message buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. En los dispositivos Weidmueller Industrial WLAN en múltiples versiones, se presenta una vulnerabilidad de ejecución... • https://cert.vde.com/en-us/advisories/vde-2021-026 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •